<?php
    session_start();
    require_once('userlevel.php'); //Require/include the permissions file
    require_once('template.php'); //Require/include the template file
    require_once('functions.php'); //Require/include the functions file
    require_once('db.php'); //Require/include the file with the database connection information
     
    if (!$_SESSION['user_loggedin']) {
        die ("Not logged in... <script>document.location.href='login.php'</script>");
    } elseif (!($_SESSION['userlevel'] >= $userlevel['edituser'])) {
        die (errorpage ("Your user level is not high enough to use this feature!", 'Edit user'));
    } else {
        //Connect to DB and connect to the database using db.php
        $db = new my_db;
        $id = mysql_escape_string($_GET['id']);
        if (empty($id)) {
            die (errorpage ("Please enter a user ID!", 'Edit user'));
        }
        if (isset($_POST['username']) || isset($_POST['email'])) {
            // check to make sure fields are not empty
            if (empty($_POST['username'])) {
                die (errorpage ("Please enter a username!", 'Edit user'));
            }
            if (empty($_POST['email'])) {
                die (errorpage ("Please enter an E-mail address!", 'Edit user'));
            }
             
             
            $username = mysql_escape_string($_POST['username']);
            $oldusername = mysql_escape_string($_POST['oldusername']);
            $firstname = mysql_escape_string($_POST['firstname']);
            $lastname = mysql_escape_string($_POST['lastname']);
            $email = mysql_escape_string($_POST['email']);
             
             
            if (!empty($_POST['password'])) {
                if ($_POST['password'] !== $_POST['confirmpassword']) {
                    die (errorpage ("Passwords do not match!", 'Edit user'));
                }
                $password = sha1($_POST['password']);
                if ($username !== $oldusername) {
                    $db->query("SELECT * FROM login WHERE username = '$username'");
                    if ($db->nf() == 1) {
                        die (errorpage ("Can not change user name new username already exists!", 'Edit user'));
                    } else {
                        $db->query("UPDATE login SET username='$username', password='$password', firstname='$firstname', lastname='$lastname', email='$email' WHERE id='$id'");
                        $db->query("UPDATE history SET user='$username' WHERE user='$oldusername'");
                    }
                } else {
                    $db->query("UPDATE login SET password='$password', firstname='$firstname', lastname='$lastname', email='$email' WHERE id='$id'");
                }
            }else{
                if ($username !== $oldusername) {
                    $db->query("SELECT * FROM login WHERE username = '$username'");
                    if ($db->nf() == 1) {
                        die (errorpage ("Can not change usename new username already exists!", 'Edit user'));
                    } else {
                        $db->query("UPDATE login SET username='$username', password='$password', firstname='$firstname', lastname='$lastname', email='$email' WHERE id='$id'");
                        $db->query("UPDATE history SET user='$username' WHERE user='$oldusername'");
                    }
                } else {
                    $db->query("UPDATE login SET firstname='$firstname', lastname='$lastname', email='$email'  WHERE id='$id'");
                }
            }
            template_headtag("Editing User:$username");
            template_header();
            template_left();
            echo "<div class='pageheadertext'>Editing User:$username</div><br/>";
             
            echo "<div align='center'>User information updated.<br/><a href='javascript:history.back(1)'>Back</a></div>";
             
            template_footer();
             
        }else{
            $db->query("SELECT * FROM login WHERE id ='$id'");
            $db->next_record();
            $firstname = strip_tags($db->f("firstname"));
            $lastname = strip_tags($db->f("lastname"));
            $username = strip_tags($db->f("username"));
            $email = strip_tags($db->f("email"));
             
             
            template_headtag("Editing User:$username");
            template_header();
            template_left();
            if ($db->nf() == 1) {
                 
                echo "<div class='pageheadertext'>Editing User:$username</div><br/>";
                 
                echo "
                    <div align='center'><form method='post' action='edituser.php?id=$id'>
                    <input type='hidden' name='oldusername' value='$username'>
                    <table>
                    <tr>
                    <td>First name: </td>
                    <td><input type='text' name='firstname' value='$firstname'/></td>
                    </tr>
                    <tr>
                    <td>Last name: </td>
                    <td><input type='text' name='lastname' value='$lastname'/></td>
                    </tr>
                    <tr>
                    <td>Username: </td>
                    <td><input type='text' name='username' value='$username'/></td>
                    </tr>
                    <tr>
                    <td>Password: </td>
                    <td><input type='password' name='password'/></td>
                    </tr>
                    <tr>
                    <td>Confirm password:</td>
                    <td><input type='password' name='confirmpassword'/></td>
                    </tr>
                    <tr>
                    <td>E-mail:</td>
                    <td><input type='text' name='email' value='$email'/></td>
                    </tr>
                    </table>
                    <input type='submit' name='Submit' value='Update'/>
                    </form><br/><a href='javascript:history.back(1)'>Back</a></div>
                     
                     
                    ";
            } else {
                errorbox("Invalid user id!");
            }
            template_footer();
        }
    }
?>
